EUVD-2026-32049
GHSA-grx5-r275-m4vr
CVSS VectorNVD
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:L
Lifecycle Timeline
1DescriptionNVD
An insecure password scheme refers to vulnerabilities arising from improper selection of encryption algorithms, inadequate key management, or flawed code implementation, which may lead to data leakage or tampering, such as hard-coded keys or the use of weak encryption algorithms.
AnalysisAI
Information disclosure in ZTE ZXUniPOS NDS-LTE (V24.40.40 and earlier, and V24.30.40CP02 and earlier) stems from an insecure cryptographic password scheme - such as hard-coded keys, weak encryption algorithms, or poor key management - that lets remote, unauthenticated attackers recover or tamper with protected data. The CVSS vector (AV:N/AC:H/PR:N) indicates network reachability without credentials but with high attack complexity, and the primary impact is confidentiality loss (C:H) with minor integrity and availability effects. …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: inventory all ZTE ZXUniPOS NDS-LTE deployments and document running versions (V24.40.40 and earlier, V24.30.40CP02 and earlier). Within 7 days: implement network access controls restricting connectivity to these systems, enable enhanced monitoring for suspicious access attempts, and classify exposed data sensitivity. …
Sign in for detailed remediation steps.
Share
External POC / Exploit Code
Leaving vuln.today